These things are the core of the Open-Xchange approach. We firmly believe that privacy is a fundamental right for all users of communication services, and we are committed to adhering to the highest standards of privacy and security for both our products and customers.

On this page you will find:
-
Delivering secure products that support privacy
Learn more
-
Four Commandments of Trusted Internet Services
Learn more
-
Stringent industry standards
Learn more
-
Privacy & compliance
Learn more
-
Trusted partners
Learn more
-
Security ratings and evidence
Learn more
-
Found a vulnerability? Let us know.
Learn more
-
We are open source
Learn more

Delivering secure products that support privacy
- Established information security management system, supported by applying secure coding techniques, and using independent product audits, penetration testing and bug-bounty programs to anchor security in the development of our solutions
- Our products do not collect information that users don't want to share and we do not sell any data to third parties

Four Commandments of Trusted Internet Services
Open-Xchange solutions are developed according to the Four Commandments of Trusted Internet Services:
- A service must be available from many providers
- The service must (also) be available as software
- It must be possible to move user data from one solution to the other
- The software should be available as source code to everyone

Security and privacy in action
Stringent industry standards
- Open-Xchange products and services are based on industry best practice - designed to meet the most stringent privacy and security standards
- We give our customers the tools they need to meet their compliance and reporting requirements, and data ownership, security, transparency and accountability are all fundamental parts of our contracts
- Open-Xchange is ISO/IEC 27001:2022 certified with TUV Rheinland of North America


Privacy & compliance
Trust is an essential part of all our relationships, whether you're a customer, partner or supplier. Transparency is also part of Open-Xchange's DNA, and we work hard to establish and maintain trust. As a result:
- Customers – not Open-Xchange – own their data
- Open-Xchange will not sell your personal data to third parties, and never processes personal data from our services for any other purposes than those agreed on
- If you want to know more, you can download the OX App Suite Cloud Data Processing Overview or the Open-Xchange Technical and Organizational Measures Overview

Security ratings and evidence
- We are happy to provide transparent insight into our security program
- Explore our shared profile to learn about our efforts and check against your vendor compliance requirements
- We love to grant you full access to our security profile, please get in touch to get started!

Found a vulnerability?
In case you have found a security vulnerability at one of our products or a service run by OX, we are more than happy to work with you on resolving it swiftly. To prevent a potential vulnerability being abused by criminals, we ask you to report such findings to us confidentially and not share them publicly before their remediation. We will coordinate a resolution and disclosure and grant attribution to the researcher if desired.
Bug-bounty: You can use our public bug-bounty program at yeswehack.com/programs. There are separate programs for our App Suite, Dovecot and PowerDNS products. This is the only way we can compensate you for a finding.
Direct contact: If you do not want to sign up for the bug-bounty program or found a vulnerability that is not in scope, please use https://vdp.open-xchange.com/ to report the vulnerability to us.
Customers can find more details about the remediation and disclosure process here.

We are open source
- All Open-Xchange products are open
- Source code level access to all components for complete transparency and long term support
- Auditability ensures data privacy and security over all components
- OX supports a federated internet model with no all-dominant players or walled gardens
- Open and published APIs: open standards enable extensibility and differentiation
- Contributions from the open-source community enhance robustness and reliability
